ExamGecko
Home / Amazon / DVA-C01 / List of questions
Ask Question

Amazon DVA-C01 Practice Test - Questions Answers, Page 11

List of questions

Question 101

Report
Export
Collapse

A Developer is developing an application that manages financial transactions. To improve security, multi-factor authentication (MFA) will be required as part of the login protocol. What services can the Developer use to meet these requirements?

Amazon DynamoDB to store MFA session data, and Amazon SNS to send MFA codes
Amazon DynamoDB to store MFA session data, and Amazon SNS to send MFA codes
Amazon Cognito with MFA
Amazon Cognito with MFA
AWS Directory Service
AWS Directory Service
AWS IAM with MFA enabled
AWS IAM with MFA enabled
Suggested answer: B

Explanation:

AWS documentation - Cognito MFA Managing Security

You can add multi-factor authentication (MFA) to a user pool to protect the identity of your users. MFA adds a second authentication method that doesn't rely solely on user name and password. You can choose to use SMS text messages, or time-based one-time (TOTP) passwords as second factors in signing in your users. You can also use adaptive authentication with its risk-based model to predict when you might need another authentication factor. It's part of the user pool advanced security features, which also include protections against compromised credentials.

asked 16/09/2024
Timothy Brown
33 questions

Question 102

Report
Export
Collapse

A game stores user game data in an Amazon DynamoDB table. Individual users should not have access to other users’ game dat a. How can this be accomplished?

Encrypt the game data with individual user keys.
Encrypt the game data with individual user keys.
Restrict access to specific items based on certain primary key values.
Restrict access to specific items based on certain primary key values.
Stage data in SQS queues to inject metadata before accessing DynamoDB.
Stage data in SQS queues to inject metadata before accessing DynamoDB.
Read records from DynamoDB and discard irrelevant data client-side.
Read records from DynamoDB and discard irrelevant data client-side.
Suggested answer: B
asked 16/09/2024
Calvin Bolico
30 questions

Question 103

Report
Export
Collapse

A company developed a set of APIs that are being served through the Amazon API Gateway. The API calls need to be authenticated based on OpenID identity providers such as Amazon or Facebook. The APIs should allow access based on a custom authorization model.

Which is the simplest and MOST secure design to use to build an authentication and authorization model for the APIs?

Use Amazon Cognito user pools and a custom authorizer to authenticate and authorize users based on JSON Web Tokens.
Use Amazon Cognito user pools and a custom authorizer to authenticate and authorize users based on JSON Web Tokens.
Build a OpenID token broker with Amazon and Facebook. Users will authenticate with these identify providers and pass the JSON Web Token to the API to authenticate each API call.
Build a OpenID token broker with Amazon and Facebook. Users will authenticate with these identify providers and pass the JSON Web Token to the API to authenticate each API call.
Store user credentials in Amazon DynamoDB and have the application retrieve temporary credentials from AWS STS. Make API calls by passing user credentials to the APIs for authentication and authorization.
Store user credentials in Amazon DynamoDB and have the application retrieve temporary credentials from AWS STS. Make API calls by passing user credentials to the APIs for authentication and authorization.
Use Amazon RDS to store user credentials and pass them to the APIs for authentications and authorization.
Use Amazon RDS to store user credentials and pass them to the APIs for authentications and authorization.
Suggested answer: A
asked 16/09/2024
Judith Persons
31 questions

Question 104

Report
Export
Collapse

A supplier is writing a new RESTful API for customers to query the status of orders. The customers requested the following API endpoint. http://www.supplierdomain.com/status/customerID Which of the following application designs meet the requirements? (Select two.)

Amazon SQS; Amazon SNS
Amazon SQS; Amazon SNS
Elastic Load Balancing; Amazon EC2
Elastic Load Balancing; Amazon EC2
Amazon ElastiCache; Amazon Elacticsearch Service
Amazon ElastiCache; Amazon Elacticsearch Service
Amazon API Gateway; AWS Lambda
Amazon API Gateway; AWS Lambda
Amazon S3; Amazon CloudFront
Amazon S3; Amazon CloudFront
Suggested answer: D, E
asked 16/09/2024
Khaled Fouad
33 questions

Question 105

Report
Export
Collapse

A development team consists of 10 team members. Similar to a home directory for each team member the manager wants to grant access to user-specific folders in an Amazon S3 bucket. For the team member with the username “TeamMemberX”, the snippet of the IAM policy looks like this:

Amazon DVA-C01 image Question 105 3863 09162024005626000000

Instead of creating distinct policies for each team member, what approach can be used to make this policy snippet generic for all team members?

Use IAM policy condition
Use IAM policy condition
Use IAM policy principal
Use IAM policy principal
Use IAM policy variables
Use IAM policy variables
Use IAM policy resource
Use IAM policy resource
Suggested answer: C

Explanation:

> https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_variables.html > UseAWS Identity and Access Management (IAM) policy variables as placeholders when you don't knowthe exact value of a resource or condition key when you write the policy.

asked 16/09/2024
Calin-Alin Stoenescu
41 questions

Question 106

Report
Export
Collapse

A legacy service has an XML-based SOAP interface. The Developer wants to expose the functionality of the service to external clients with the Amazon API Gateway. Which technique will accomplish this?

Create a RESTful API with the API Gateway; transform the incoming JSON into a valid XML message for the SOAP interface using mapping templates.
Create a RESTful API with the API Gateway; transform the incoming JSON into a valid XML message for the SOAP interface using mapping templates.
Create a RESTful API with the API Gateway; pass the incoming JSON to the SOAP interface through an Application Load Balancer.
Create a RESTful API with the API Gateway; pass the incoming JSON to the SOAP interface through an Application Load Balancer.
Create a RESTful API with the API Gateway; pass the incoming XML to the SOAP interface through an Application Load Balancer.
Create a RESTful API with the API Gateway; pass the incoming XML to the SOAP interface through an Application Load Balancer.
Create a RESTful API with the API Gateway; transform the incoming XML into a valid message for the SOAP interface using mapping templates.
Create a RESTful API with the API Gateway; transform the incoming XML into a valid message for the SOAP interface using mapping templates.
Suggested answer: A

Explanation:

https://blog.codecentric.de/en/2016/12/serverless-soap-legacy-api-integration-java-aws-lambdaaws-api-gateway/

asked 16/09/2024
Marcel Janssen
38 questions

Question 107

Report
Export
Collapse

A company is using AWS CodeBuild to compile a website from source code stored in AWS CodeCommit. A recent change to the source code has resulted in the CodeBuild project being unable to successfully compile the website. How should the Developer identify the cause of the failures?

Modify the buildspec.yml file to include steps to send the output of build commands to Amazon CloudWatch.
Modify the buildspec.yml file to include steps to send the output of build commands to Amazon CloudWatch.
Use a custom Docker image that includes the AWS X-Ray agent in the AWS CodeBuild project configuration.
Use a custom Docker image that includes the AWS X-Ray agent in the AWS CodeBuild project configuration.
Check the build logs of the failed phase in the last build attempt in the AWS CodeBuild project build history.
Check the build logs of the failed phase in the last build attempt in the AWS CodeBuild project build history.
Manually re-run the build process on a local machine so that the output can be visualized.
Manually re-run the build process on a local machine so that the output can be visualized.
Suggested answer: A
asked 16/09/2024
franck ferreira
27 questions

Question 108

Report
Export
Collapse

A web application is using Amazon Kinesis Streams for clickstream data that may not be consumed for up to 12 hours. How can the Developer implement encryption at rest for data within the Kinesis Streams?

Enable SSL connections to Kinesis
Enable SSL connections to Kinesis
Use Amazon Kinesis Consumer Library
Use Amazon Kinesis Consumer Library
Encrypt the data once it is at rest with a Lambda function
Encrypt the data once it is at rest with a Lambda function
Enable server-side encryption in Kinesis Streams
Enable server-side encryption in Kinesis Streams
Suggested answer: D

Explanation:

https://docs.aws.amazon.com/streams/latest/dev/what-is-sse.html

https://aws.amazon.com/about-aws/whats-new/2017/07/amazon-kinesis-streams-introducesserver-side-encryption/

asked 16/09/2024
Christian Walet
35 questions

Question 109

Report
Export
Collapse

A Developer wants to use AWS X-Ray to trace a user request end-to-end throughput the software stack. The Developer made the necessary changes in the application tested it, and found that the application is able to send the traces to AWS X-Ray. However, when the application is deployed to an EC2 instance, the traces are not available.

Which of the following could create this situation? (Select two.)

The traces are reaching X-Ray, but the Developer does not have access to view the records.
The traces are reaching X-Ray, but the Developer does not have access to view the records.
The X-Ray daemon is not installed on the EC2 instance.
The X-Ray daemon is not installed on the EC2 instance.
The X-Ray endpoint specified in the application configuration is incorrect.
The X-Ray endpoint specified in the application configuration is incorrect.
The instance role does not have “xray:BatchGetTraces” and “xray:GetTraceGraph” permissions.
The instance role does not have “xray:BatchGetTraces” and “xray:GetTraceGraph” permissions.
The instance role does not have “xray:PutTraceSegments” and “xray:PutTelemetryRecords” permissions.
The instance role does not have “xray:PutTraceSegments” and “xray:PutTelemetryRecords” permissions.
Suggested answer: B, E
asked 16/09/2024
Mohamed Abdul Haq Mohamed Akram
45 questions

Question 110

Report
Export
Collapse

A Developer executed a AWS CLI command and received the error shown below:

Amazon DVA-C01 image Question 110 3868 09162024005626000000

What action should the Developer perform to make this error human-readable?

Make a call to AWS KMS to decode the message.
Make a call to AWS KMS to decode the message.
Use the AWS STS decode-authorization-message API to decode the message.
Use the AWS STS decode-authorization-message API to decode the message.
Use an open source decoding library to decode the message.
Use an open source decoding library to decode the message.
Use the AWS IAM decode-authorization-message API to decode this message.
Use the AWS IAM decode-authorization-message API to decode this message.
Suggested answer: B

Explanation:

https://docs.aws.amazon.com/cli/latest/reference/sts/decode-authorization-message.htmlThe message is encoded because the details of the authorization status can constitute privileged information that the user who requested the operation should not see. To decode an authorization status message, a user must be granted permissions via an IAM policy to request the DecodeAuthorizationMessage (sts:DecodeAuthorizationMessage ) action.

asked 16/09/2024
Alexander Voronetsky
42 questions
Total 608 questions
Go to page: of 61
Search

Related questions